CVE-2010-1885 (GCVE-0-2010-1885)
Vulnerability from cvelistv5
Published
2010-06-14 18:00
Modified
2024-08-07 01:35
Severity ?
CWE
  • n/a
Summary
The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help and Support Center in Windows XP and Windows Server 2003 does not properly handle malformed escape sequences, which allows remote attackers to bypass the trusted documents whitelist (fromHCP option) and execute arbitrary commands via a crafted hcp:// URL, aka "Help Center URL Validation Vulnerability."
References
secure@microsoft.com http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0197.html Exploit
secure@microsoft.com http://blogs.technet.com/b/msrc/archive/2010/06/10/windows-help-vulnerability-disclosure.aspx
secure@microsoft.com http://blogs.technet.com/b/srd/archive/2010/06/10/help-and-support-center-vulnerability-full-disclosure-posting.aspx Vendor Advisory
secure@microsoft.com http://secunia.com/advisories/40076 Vendor Advisory
secure@microsoft.com http://www.exploit-db.com/exploits/13808
secure@microsoft.com http://www.kb.cert.org/vuls/id/578319 US Government Resource
secure@microsoft.com http://www.microsoft.com/technet/security/advisory/2219475.mspx Vendor Advisory
secure@microsoft.com http://www.securityfocus.com/archive/1/511774/100/0/threaded
secure@microsoft.com http://www.securityfocus.com/archive/1/511783/100/0/threaded
secure@microsoft.com http://www.securityfocus.com/bid/40725 Exploit
secure@microsoft.com http://www.securitytracker.com/id?1024084
secure@microsoft.com http://www.us-cert.gov/cas/techalerts/TA10-194A.html US Government Resource
secure@microsoft.com http://www.vupen.com/english/advisories/2010/1417 Vendor Advisory
secure@microsoft.com https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-042
secure@microsoft.com https://exchange.xforce.ibmcloud.com/vulnerabilities/59267
secure@microsoft.com https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11733
af854a3a-2127-422b-91ae-364da2661108 http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0197.html Exploit
af854a3a-2127-422b-91ae-364da2661108 http://blogs.technet.com/b/msrc/archive/2010/06/10/windows-help-vulnerability-disclosure.aspx
af854a3a-2127-422b-91ae-364da2661108 http://blogs.technet.com/b/srd/archive/2010/06/10/help-and-support-center-vulnerability-full-disclosure-posting.aspx Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/40076 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.exploit-db.com/exploits/13808
af854a3a-2127-422b-91ae-364da2661108 http://www.kb.cert.org/vuls/id/578319 US Government Resource
af854a3a-2127-422b-91ae-364da2661108 http://www.microsoft.com/technet/security/advisory/2219475.mspx Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/archive/1/511774/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/archive/1/511783/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/40725 Exploit
af854a3a-2127-422b-91ae-364da2661108 http://www.securitytracker.com/id?1024084
af854a3a-2127-422b-91ae-364da2661108 http://www.us-cert.gov/cas/techalerts/TA10-194A.html US Government Resource
af854a3a-2127-422b-91ae-364da2661108 http://www.vupen.com/english/advisories/2010/1417 Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-042
af854a3a-2127-422b-91ae-364da2661108 https://exchange.xforce.ibmcloud.com/vulnerabilities/59267
af854a3a-2127-422b-91ae-364da2661108 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11733
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T01:35:53.750Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "VU#578319",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/578319"
          },
          {
            "name": "20100609 Microsoft Windows Help Centre Handles Malformed Escape Sequences Incorrectly",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/511774/100/0/threaded"
          },
          {
            "name": "ms-win-helpctr-command-execution(59267)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59267"
          },
          {
            "name": "20100610 Re: Microsoft Windows Help Centre Handles Malformed Escape Sequences Incorrectly",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/511783/100/0/threaded"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://blogs.technet.com/b/srd/archive/2010/06/10/help-and-support-center-vulnerability-full-disclosure-posting.aspx"
          },
          {
            "name": "40725",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/40725"
          },
          {
            "name": "20100609 Microsoft Windows Help Centre Handles Malformed Escape Sequences Incorrectly",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0197.html"
          },
          {
            "name": "1024084",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1024084"
          },
          {
            "name": "13808",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "http://www.exploit-db.com/exploits/13808"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://blogs.technet.com/b/msrc/archive/2010/06/10/windows-help-vulnerability-disclosure.aspx"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.microsoft.com/technet/security/advisory/2219475.mspx"
          },
          {
            "name": "TA10-194A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA10-194A.html"
          },
          {
            "name": "oval:org.mitre.oval:def:11733",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11733"
          },
          {
            "name": "ADV-2010-1417",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1417"
          },
          {
            "name": "MS10-042",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-042"
          },
          {
            "name": "40076",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/40076"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-06-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help and Support Center in Windows XP and Windows Server 2003 does not properly handle malformed escape sequences, which allows remote attackers to bypass the trusted documents whitelist (fromHCP option) and execute arbitrary commands via a crafted hcp:// URL, aka \"Help Center URL Validation Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-12T19:57:01",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "VU#578319",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/578319"
        },
        {
          "name": "20100609 Microsoft Windows Help Centre Handles Malformed Escape Sequences Incorrectly",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/511774/100/0/threaded"
        },
        {
          "name": "ms-win-helpctr-command-execution(59267)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59267"
        },
        {
          "name": "20100610 Re: Microsoft Windows Help Centre Handles Malformed Escape Sequences Incorrectly",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/511783/100/0/threaded"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://blogs.technet.com/b/srd/archive/2010/06/10/help-and-support-center-vulnerability-full-disclosure-posting.aspx"
        },
        {
          "name": "40725",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/40725"
        },
        {
          "name": "20100609 Microsoft Windows Help Centre Handles Malformed Escape Sequences Incorrectly",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0197.html"
        },
        {
          "name": "1024084",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1024084"
        },
        {
          "name": "13808",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "http://www.exploit-db.com/exploits/13808"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://blogs.technet.com/b/msrc/archive/2010/06/10/windows-help-vulnerability-disclosure.aspx"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.microsoft.com/technet/security/advisory/2219475.mspx"
        },
        {
          "name": "TA10-194A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA10-194A.html"
        },
        {
          "name": "oval:org.mitre.oval:def:11733",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11733"
        },
        {
          "name": "ADV-2010-1417",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1417"
        },
        {
          "name": "MS10-042",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-042"
        },
        {
          "name": "40076",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/40076"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2010-1885",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help and Support Center in Windows XP and Windows Server 2003 does not properly handle malformed escape sequences, which allows remote attackers to bypass the trusted documents whitelist (fromHCP option) and execute arbitrary commands via a crafted hcp:// URL, aka \"Help Center URL Validation Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "VU#578319",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/578319"
            },
            {
              "name": "20100609 Microsoft Windows Help Centre Handles Malformed Escape Sequences Incorrectly",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/511774/100/0/threaded"
            },
            {
              "name": "ms-win-helpctr-command-execution(59267)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/59267"
            },
            {
              "name": "20100610 Re: Microsoft Windows Help Centre Handles Malformed Escape Sequences Incorrectly",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/511783/100/0/threaded"
            },
            {
              "name": "http://blogs.technet.com/b/srd/archive/2010/06/10/help-and-support-center-vulnerability-full-disclosure-posting.aspx",
              "refsource": "CONFIRM",
              "url": "http://blogs.technet.com/b/srd/archive/2010/06/10/help-and-support-center-vulnerability-full-disclosure-posting.aspx"
            },
            {
              "name": "40725",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/40725"
            },
            {
              "name": "20100609 Microsoft Windows Help Centre Handles Malformed Escape Sequences Incorrectly",
              "refsource": "FULLDISC",
              "url": "http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0197.html"
            },
            {
              "name": "1024084",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1024084"
            },
            {
              "name": "13808",
              "refsource": "EXPLOIT-DB",
              "url": "http://www.exploit-db.com/exploits/13808"
            },
            {
              "name": "http://blogs.technet.com/b/msrc/archive/2010/06/10/windows-help-vulnerability-disclosure.aspx",
              "refsource": "MISC",
              "url": "http://blogs.technet.com/b/msrc/archive/2010/06/10/windows-help-vulnerability-disclosure.aspx"
            },
            {
              "name": "http://www.microsoft.com/technet/security/advisory/2219475.mspx",
              "refsource": "CONFIRM",
              "url": "http://www.microsoft.com/technet/security/advisory/2219475.mspx"
            },
            {
              "name": "TA10-194A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA10-194A.html"
            },
            {
              "name": "oval:org.mitre.oval:def:11733",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11733"
            },
            {
              "name": "ADV-2010-1417",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/1417"
            },
            {
              "name": "MS10-042",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-042"
            },
            {
              "name": "40076",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/40076"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2010-1885",
    "datePublished": "2010-06-14T18:00:00",
    "dateReserved": "2010-05-11T00:00:00",
    "dateUpdated": "2024-08-07T01:35:53.750Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2010-1885\",\"sourceIdentifier\":\"secure@microsoft.com\",\"published\":\"2010-06-15T14:04:23.530\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The MPC::HexToNum function in helpctr.exe in Microsoft Windows Help and Support Center in Windows XP and Windows Server 2003 does not properly handle malformed escape sequences, which allows remote attackers to bypass the trusted documents whitelist (fromHCP option) and execute arbitrary commands via a crafted hcp:// URL, aka \\\"Help Center URL Validation Vulnerability.\\\"\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n MPC::HexToNum en el fichero Helpctr.exe de la Ayuda de Microsoft Windows y soporte t\u00e9cnico en Windows XP y Windows Server 2003 no controla correctamente las secuencias de escape con formato incorrecto, lo que permite a atacantes remotos eludir la lista blanca de documentos de confianza (La opci\u00f3n fromHCP) y ejecutar comandos de su elecci\u00f3n a trav\u00e9s de una URL hcp:// debidamente modificada.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-78\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:*:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"2978BF86-5A1A-438E-B81F-F360D0E30C9C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_2003_server:*:sp2:itanium:*:*:*:*:*\",\"matchCriteriaId\":\"F7EFB032-47F4-4497-B16B-CB9126EAC9DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_server_2003:*:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D3B5E4F-56A6-4696-BBB4-19DF3613D020\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:sp2:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B339C33-8896-4896-88FF-88E74FDBC543\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:*:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE477A73-4EE4-41E9-8694-5A3D5DC88656\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:microsoft:windows_xp:-:sp2:x64:*:*:*:*:*\",\"matchCriteriaId\":\"FFAC3F90-77BF-4F56-A89B-8A3D2D1FC6D6\"}]}]}],\"references\":[{\"url\":\"http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0197.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Exploit\"]},{\"url\":\"http://blogs.technet.com/b/msrc/archive/2010/06/10/windows-help-vulnerability-disclosure.aspx\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://blogs.technet.com/b/srd/archive/2010/06/10/help-and-support-center-vulnerability-full-disclosure-posting.aspx\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/40076\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.exploit-db.com/exploits/13808\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.kb.cert.org/vuls/id/578319\",\"source\":\"secure@microsoft.com\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.microsoft.com/technet/security/advisory/2219475.mspx\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/511774/100/0/threaded\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securityfocus.com/archive/1/511783/100/0/threaded\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.securityfocus.com/bid/40725\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securitytracker.com/id?1024084\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA10-194A.html\",\"source\":\"secure@microsoft.com\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/1417\",\"source\":\"secure@microsoft.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-042\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/59267\",\"source\":\"secure@microsoft.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11733\",\"source\":\"secure@microsoft.com\"},{\"url\":\"http://archives.neohapsis.com/archives/fulldisclosure/2010-06/0197.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://blogs.technet.com/b/msrc/archive/2010/06/10/windows-help-vulnerability-disclosure.aspx\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://blogs.technet.com/b/srd/archive/2010/06/10/help-and-support-center-vulnerability-full-disclosure-posting.aspx\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://secunia.com/advisories/40076\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.exploit-db.com/exploits/13808\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.kb.cert.org/vuls/id/578319\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.microsoft.com/technet/security/advisory/2219475.mspx\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/archive/1/511774/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/511783/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/40725\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.securitytracker.com/id?1024084\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA10-194A.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"US Government Resource\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/1417\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-042\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/59267\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11733\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"evaluatorImpact\":\"Per: http://blogs.technet.com/b/msrc/archive/2010/06/10/windows-help-vulnerability-disclosure.aspx\\r\\n\\r\\n\\\"customers running Windows Vista, Windows 7, Windows Server 2008, and Windows Server 2008 R2, are not vulnerable to this issue, or at risk of attack.\\\"\"}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.